Ukrainian official: Russian hackers change tactics from disruptive attacks
By Christian Vasquez | August 9, 2023
A top cybersecurity official from Ukraine has revealed that Russian hackers have shifted their tactics from disruptive attacks to intelligence gathering aimed at gaining an advantage on the battlefield. Victor Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, made these remarks during a panel appearance at the Black Hat security conference in Las Vegas. Zhora noted that there has been a noticeable change in cyber activities, with Russian hackers focusing more on cyber espionage and data collection rather than disruptive and chaotic attacks.
Focused Activity on Intelligence Gathering
Zhora highlighted that Ukrainian network defenders recently uncovered a Russian operation that targeted Ukraine’s situational awareness system and technical battlefield systems in order to gain information that could provide Russia with an advantage on the battlefield. According to a recent report from Ukrainian security services, Russian hackers targeted Android phones used by Ukrainian military personnel for planning and operating combat missions. The hackers attempted to spread malware that targeted configuration information of Starlink satellite terminals — a key tool of the Ukrainian military — as well as backup communication channels. The operation has been attributed with high confidence to Russia’s infamous Sandworm hacking unit.
The Role of Collaboration and Intelligence Sharing
Zhora emphasized the importance of collaboration and shared threat intelligence in detecting and disrupting cyber campaigns. He stated that Ukraine has seen success in thwarting Russian operations in part due to increased collaboration and intelligence sharing. This cooperation has enabled Ukrainian defenders to detect campaigns before they occur, leading to early disruption. Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), spoke alongside Zhora and highlighted the memorandum of cooperation between CISA and Ukraine’s State Service of Special Communications and Information Protection. This collaboration has allowed for effective information sharing, best practices, joint exercises, and training, all aimed at enhancing cybersecurity.
The Need for Societal Resilience
Easterly, speaking at the panel, underscored the importance of societal resilience in responding to cyber threats. While Ukraine has demonstrated great resilience in countering Russian cyberattacks, Easterly noted that the U.S. public is often less resilient in the face of similar threats. She mentioned the Colonial Pipeline ransomware attack and the incident involving the Chinese spy balloon that floated over the U.S. as examples where the American people could improve their response. Easterly emphasized the need for unity and resilience in the face of serious cyber threats, such as those posed by Russia and China.
Broader Cyber Threat Landscape
While Russia remains a major threat in cyberspace, the U.S. intelligence community’s annual threat assessment also points to the capabilities of China. The assessment states that, in the event of a conflict, China is “almost certainly capable” of launching disruptive attacks against U.S. pipeline infrastructure and rail systems. This highlights the importance of staying vigilant and improving cybersecurity across critical infrastructure sectors.
Editorial and Advice
The evolving tactics of Russian hackers highlight the need for constant vigilance and adaptation in the face of cyber threats. The shift from disruptive attacks to intelligence gathering underscores the importance of information security and the protection of sensitive data. Organizations and countries should prioritize collaboration, information sharing, and joint exercises to enhance their capabilities in detecting and countering cyber threats.
Efforts should also be directed towards improving societal resilience. The U.S., in particular, can learn from Ukraine’s example of responding to cyberattacks. Building a resilient society involves raising awareness about cybersecurity risks, implementing robust security practices at all levels, and fostering unity in the face of threats. The public must be educated about the potential consequences of cyberattacks and the role they can play in preventing and mitigating such incidents.
It is imperative for governments and organizations to invest in cybersecurity measures, both in terms of technological advancements and human resources. This includes continuous monitoring, regular vulnerability assessments, and the implementation of strong security protocols. Strong collaboration between public and private sectors is crucial for developing effective cyber defense strategies and sharing threat intelligence.
As the cyber threat landscape evolves, countries and organizations must remain agile and proactive in their approach to cybersecurity. Cyber defense capabilities should be constantly upgraded to keep pace with emerging threats and ensure the protection of critical systems and sensitive information. By staying vigilant, working together, and investing in cybersecurity, countries can mitigate the risks posed by cyber adversaries and safeguard their national security interests.